Wireshark-dev: [Wireshark-dev] RDP protocol
From: Kaul <[email protected]>
Date: Mon, 29 Oct 2007 11:57:28 +0200
I've added to the Wiki a link to a document detailing very clearly the protocol details - http://efod.se/writings/thesis.pdf .
Specifically, the BER encoded stuff is a public key and some nonce. I think it's inside an X.509 certificate.